[META] Post-s77 skill alignment audit — naming completion (4 repos), BASE_PATH purge, CI verification, fresh-VM re-validation #230
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Goal
The s77 sweep (home#228) flipped 19 producer repos from
_uito_admin/_web. Since then, three new pieces of evidence say the workspace is not yet aligned with the latest skills, even though the s77 outcome read as "substantively complete":[[bin]] name = "hero_X_admin") and left the crate package name + directory on_ui. Per thehero_service_testskill §2 (~/.claude/skills/hero_service_test/SKILL.md), "binary OR crate" using_uiis non-compliant.BASE_PATHvalue/hero_biz/ui → /hero_biz/admin— but per thehero_web_prefixskill (line 38), the env var must not exist at all:X-Forwarded-Prefixis the only source of truth, default""on direct access._admin/_serverreads config exclusively from hero_proc secrets) was filed but blocked on home#212 completion. The BASE_PATH discovery is the first concrete META-rule violation we've identified post-s77 and will land first as an exemplar.This issue is the post-s77 alignment audit: produce one verified-clean snapshot of the workspace against the four pillar skills (
hero_service_test,hero_sockets,hero_web_prefix,hero_proc_secrets_and_meta), close out home#228 cleanly, and execute the BASE_PATH purge as a reference implementation of home#225 in miniature.Scope is producer Rust code + nu service modules + hero_demo TOMLs + hero_router service registrations. Out of scope: hero_router PR #92 (standing instruction never to merge).
Skill quotes — the four pillars
Pillar 1 — Naming/socket convention (
hero_service_testSSOT)hero_X_serverrpc.sockhero_X_adminadmin.sockhero_X_webweb.sockhero_X_appapp.sockhero_Xhero_socketsdefers tohero_service_testhere:Pillar 2 —
BASE_PATHis not an env varThe mechanism:
hero_router(or any reverse proxy) injectsX-Forwarded-Prefix: <prefix>on every routed request; an Axum middleware reads it per-request and inserts it into the template context. Direct access has no header →base_path = "".Pillar 3 — META rule for managed processes
Exception clause from the same skill (line 454):
So
HOME,HERO_SOCKET_DIR, and similar OS-launcher paths are still env-OK; everything user-configurable comes fromsecret.get.Pillar 4 — Layer/case discipline (
naming_convention)Repo + Cargo package + binary + service name + socket directory all
snake_case, all matching exactly.Audit results — current state vs the pillars
Naming compliance (Pillar 1) — partial migration in 4 repos
These repos squash-merged binary-only renames during s77; crate dir +
[package].nameare still_ui.[[bin]]name (origin/dev)[package]name (origin/dev)hero_voice_admin✅hero_voice_ui❌crates/hero_voice_ui/❌hero_proxy_admin✅hero_proxy_ui❌crates/hero_proxy_ui/❌hero_whiteboard_admin✅hero_whiteboard_ui❌crates/hero_whiteboard_ui/❌hero_osis_admin✅hero_osis_ui❌crates/hero_osis_ui/❌Reference for the "do all three" target: hero_db PR #29, hero_collab merge
3fe0585, hero_matrixchat origin/development (crate dir ishero_matrixchat_admin).Naming compliance (Pillar 1) — fully migrated (no further action)
hero_db,hero_collab(_admin),hero_matrixchat,hero_agent,hero_compute,hero_planner(_admin+_web),hero_biz(_admin),hero_browser,hero_codescalers,hero_editor,hero_lib_rhai(hero_runner_rhai_admin),hero_logic,hero_office,hero_foundry(_admin+_web),hero_livekit,hero_books(_admin+_app+_server+_web),hero_indexer,hero_aibroker.Naming compliance — outliers worth a separate look
hero_proc/crates/hero_proc_lib_ui/— non-standard_lib_uisuffix (probably a shared Askama crate for proc's own admin). Audit: should it be_lib_adminor merged intohero_proc_admin?hero_embedder— has_weband_serverbut no_admin. Per skill,_adminis "Required when server exists". Decide: add_adminor document as exception.hero_foundry_ui— separate top-level repo, deferred to home#229.BASE_PATHpurge inventory (Pillar 2)Layer A — nu service modules (writers, hero_skills):
nutools/modules/services/service_biz.nuBASE_PATH"/hero_biz/admin"(post c0186425)nutools/modules/services/service_foundry.nuHERO_FOUNDRY_BASE_PATH"/hero_foundry/ui"(stale/ui)nutools/modules/services/service_agent.nuHERO_AGENT_UI_BASE_PATH"/hero_agent/ui"(stale; agent readsHERO_AGENT_ADMIN_BASE_PATH— env-name mismatch is dead-letter)Layer B — hero_demo TOML service definitions (writers):
services/hero_biz.tomlBASE_PATH"/hero_biz/ui"(stale)services/hero_foundry.tomlHERO_FOUNDRY_BASE_PATH"/hero_foundry/ui"(stale)services/hero_agent.tomlHERO_AGENT_UI_BASE_PATH"/hero_agent/ui"(stale, dead-letter)services/hero_embedder.tomlHERO_EMBEDDER_UI_BASE_PATH"/hero_embedder/ui"(stale)Layer C — hero_router service registrations (header-injection layer):
service_manager/services/hero_biz.rs("BASE_PATH", "/hero_biz/ui")X-Forwarded-Prefixper-request header. This is the bug.service_manager/services/hero_foundry.rs("HERO_FOUNDRY_BASE_PATH", "/hero_foundry/ui")Layer D — Rust readers in managed processes:
hero_indexer/crates/hero_indexer_admin/src/main.rs:82hero_matrixchat/crates/hero_matrixchat_ui/src/lib.rs:36hero_researcher/crates/hero_researcher_server/src/main.rs:86hero_voice/crates/hero_voice_ui/src/main.rs:242hero_biz/crates/hero_biz_admin/src/web/server.rs:122std::env::var("BASE_PATH").unwrap_or_default()plumbed intoAppStateat startup; per-request middleware exists at line 85 but env value is what gets persistedhero_foundry/crates/hero_foundry_server/src/main.rs:228std::env::var("HERO_FOUNDRY_BASE_PATH").unwrap_or_default()→ServerConfig.base_pathat startup, no per-request overridehero_agent/crates/hero_agent_admin/src/routes.rs:41HERO_AGENT_ADMIN_BASE_PATH)""per skillhero_code/crates/hero_code_admin/src/routes.rs:56HERO_CODE_UI_BASE_PATH)hero_embedder/crates/hero_embedder_web/src/main.rs:69HERO_EMBEDDER_UI_BASE_PATH)hero_proc/crates/hero_proc_admin/src/routes.rs:51HERO_PROC_UI_BASE_PATH)hero_lib_rhai/crates/os_rhai/src/git.rs:362GIT_DEFAULT_BASE_PATH(filesystem path for git ops, NOT URL prefix — different concept, same name)META rule (Pillar 3) — first concrete violation pinned
hero_biz_adminandhero_foundry_serverare managed_admin/_serverprocesses that readBASE_PATH(a configurable URL prefix) fromstd::env::var. Per home#225's umbrella, this is a home#223 (native Rust binaries) violation — but perhero_web_prefix, the right fix is delete the env var path entirely, not migrate it tosecret.get. The prefix is request-scoped, not config-scoped.Plan
Phase 1 — Naming completion (4 repos)
Open one PR per repo to complete the rename: crate dir →
crates/hero_X_admin/,[package].name → "hero_X_admin", workspacemembersupdated, downstreamCargo.tomldeps updated, env var namesHERO_X_UI_*→HERO_X_ADMIN_*updated everywhere.[package].namerenamePhase 2 —
BASE_PATHpurge (4 producer repos + hero_router + hero_skills + hero_demo)The model PR is hero_biz reference impl. Once it's accepted, the same shape is applied to foundry/agent/embedder.
P2.1 hero_biz reference impl (highest leverage, smallest diff):
crates/hero_biz_admin/src/web/server.rs:122— delete thestd::env::var("BASE_PATH")line; removebase_pathfromAppState(or make it always""); ensure the per-request middleware at line 85 +effective_base_path()at line 69 is the only source of truth.crates/hero_biz_admin/src/web/templates/{base,components}.rs— verify no env reads; templates takebase_pathfrom request extension.nutools/modules/services/service_biz.nu:149— drop theBASE_PATHenv from theenv:block (revert/supersede c0186425 since the value is being deleted, not renamed).services/hero_biz.toml:13— drop theBASE_PATH = ...line.crates/hero_router/src/service_manager/services/hero_biz.rs:82— drop the("BASE_PATH", ...)env entry; verifyX-Forwarded-Prefixheader is injected on every routed request (this is the actual mechanism). If hero_router does not currently inject the header, fix that — that's the real defect this purge surfaces.P2.2 hero_foundry — same shape; drop env-only
base_pathfield onServerConfig, switch to per-request middleware.P2.3 hero_agent — drop env fallback; header-only.
P2.4 hero_embedder — drop env fallback; header-only.
P2.5 hero_code — drop env fallback; header-only.
P2.6 hero_proc — drop env fallback; header-only.
Phase 3 —
_admin/_weboutlier audithero_proc/crates/hero_proc_lib_ui/_lib_adminor merge intohero_proc_adminhero_embedderhero_embedder_admincrate, or document the dashboard-as-end-user-facing exceptionhero_foundry_uistandalone repoPhase 4 — Forgejo CI verification on s77 tags
20 fresh tags pushed in s77. Audit each for target-triple-named release assets, fix-forward per the s64-s73 playbook items 1-26 (target-triple naming, FORGEJO_TOKEN scope, ONNX cross-compile pivot for voice/embedder/editor, pre-existing fmt/clippy debt, etc.).
hero_db v0.5.0-rc1hero_proc v0.5.0-rc2hero_voice v0.5.0-rc1hero_proxy v0.5.0-rc1hero_whiteboard v0.1.0-rc3hero_collab v0.5.0-rc3hero_matrixchat v0.1.0-rc3hero_osis v0.1.0-rc1hero_agent v0.1.0-rc3hero_compute v0.1.8-rc1hero_planner v0.1.0-rc2hero_biz v0.5.0-rc1hero_browser v0.1.0-rc1hero_codescalers v0.1.0-rc1hero_editor v0.1.0-rc5hero_lib_rhai v0.5.0-rc1hero_logic v0.1.0-rc2hero_office v0.1.0-rc2hero_foundry v0.2.3-rc3hero_livekit v0.1.0-rc1Phase 5 — DO from-nothing re-validation on
hero.threefold.storeOnce Phases 1+2+4 settle, walk the D-06 bootstrap on a fresh DO droplet:
Target: 17/17 services start from CI artifacts on a fresh public-cloud VM with zero hand-patches (s75 had 14/17). The hero_db cascade and hero_collab asset-name lag from s75 are now fixed by the s77 sweep + this audit.
Closure criteria
[package].name+ binary all on_admin, fresh tag, downstreamCargo.tomldeps updated, hero_skills consumer aligned.grep -rn 'BASE_PATH' lhumina_code/ --include='*.rs' --include='*.nu' --include='*.toml'returns onlyos_rhai/git.rs's orthogonalGIT_DEFAULT_BASE_PATH.hero_service_test/SKILL.md§2.service_X install --download --version vNsucceeds for each on a fresh VM.hero.threefold.storefrom CI artifacts via D-06.Sequencing across the workspace's META trackers
_ui→_adminrollout)Out of scope
Signed-off-by: mik-tf
Phase 4 audit — Forgejo CI on the 20 s77 tags (2026-05-08)
Loop the Forgejo
/releases/tags/<tag>endpoint for each of the 20 fresh tags pushed in session 77, then for the no-release rows fall back to the most recent published release on the repo to size the gap.Verdict
6/20 OK (30%) · 1 wrong-shape · 13 no-release · 0 empty.
hero_db v0.5.0-rc1hero_db-linux-amd64(legacylinux-amd64shape, pre-home#212)hero_proc v0.5.0-rc2v0.5.0-rc1(3 assets)hero_voice v0.5.0-rc1v0.1.0-rc2(4 assets)hero_proxy v0.5.0-rc1v0.5.0(3 assets)hero_whiteboard v0.1.0-rc3v0.1.0-rc2(6 assets)hero_collab v0.5.0-rc3v0.5.0-rc2(3 assets)hero_matrixchat v0.1.0-rc3v0.1.0-rc2(6 assets)hero_osis v0.1.0-rc1v1.0.0-rc6(4 assets)hero_agent v0.1.0-rc3hero_compute v0.1.8-rc1v0.1.8(8 assets)hero_planner v0.1.0-rc2hero_biz v0.5.0-rc1hero_browser v0.1.0-rc1hero_codescalers v0.1.0-rc1hero_editor v0.1.0-rc5hero_lib_rhai v0.5.0-rc1v0.1.0-rc6(4 assets)hero_logic v0.1.0-rc2v0.1.0-rc1(3 assets)hero_office v0.1.0-rc2hero_foundry v0.2.3-rc3v0.2.3-rc2(6 assets)hero_livekit v0.1.0-rc1What this means
/git/refs/tags/<tag>). The s77 sweep did push them.failureandsuccessper the actions API).upload-release-assetsstep, or workflow that produces artifacts but not Releases).hero_db v0.5.0-rc1is the special case: release exists, 6 assets, but they're still on the pre-home#212linux-amd64shape — needs PATCH-rename to<bin>-x86_64-unknown-linux-musletc., same shape as session-64 sweep.Fix-forward priority for s79+
Order driven by what Phase 5 DO from-nothing re-validation needs. The bootstrap trio first, then the rest:
hero_proc v0.5.0-rc2,hero_db v0.5.0-rc1(PATCH-rename + re-tag if needed).hero_voice,hero_proxy,hero_collab,hero_osis,hero_foundry,hero_compute,hero_lib_rhai,hero_logic.hero_whiteboard,hero_matrixchat.hero_codescalers,hero_livekit. Investigate workflow before deciding fix-forward vs new tag.Each fix-forward likely follows the s64–s73 playbook items 1–26: workflow_dispatch retry after FORGEJO_TOKEN scope refresh, target-triple naming PATCH, ONNX cross-compile pivot for any voice/embedder/editor lane that fell over, pre-existing fmt/clippy debt cleanup. Investigate per-tag before committing to a fix-forward shape.
What's already deployable
The 6 OK tags can already be installed on a fresh VM via
service_<X> install --download --version vN:hero_agent v0.1.0-rc3hero_planner v0.1.0-rc2hero_biz v0.5.0-rc1hero_browser v0.1.0-rc1hero_editor v0.1.0-rc5hero_office v0.1.0-rc2Phase 5 DO re-validation will hit at most 6+latest-good for each remaining service until Phase 4 fix-forwards land. Mapping
latest-goodper service is the s79 entry point.Signed-off-by: mik-tf
Priority shift — 2026-05-08 (s79+) — locked under D-07
Per session-79 alignment with leadership, the primary closure axis for this META is now source-build on x86_64 for the 23 canonical demo services. CI release publishing is the secondary target — useful for the Phase 5 from-nothing flow on
hero.threefold.store, but not a gate. Theaarch64-unknown-linux-gnumatrix lane is dropped from every producer workflow going forward, archived as<name>.yaml.archived-aarch64(Forgejo Actions only loads.yaml/.yml, so the suffix prevents firing while keeping the lane reversible per repo).Locked under decisions/D-07-x86-source-build-priority.md (workspace-local decision file).
Canonical service set — 23 services, 23 repos
Sourced from
service_complete'sstarts_core(6) +starts_extra(17) per hero_skills/nutools/modules/services/packages.nu lines 227–254.Bootstrap core (6):
lhumina_code/hero_proclhumina_code/hero_routergeomind_code/mycelium_network(out-of-org producer forservice_mycelium; the locallhumina_code/hero_myceliumrepo is not the producer)lhumina_code/hero_codelhumina_code/hero_codescalers(driver-only target)lhumina_code/hero_embedderExtra (17):
hero_proxy,hero_db,hero_os,hero_osis,hero_collab,hero_livekit,hero_biz,hero_aibroker,hero_logic,hero_slides,hero_whiteboard,hero_indexer,hero_foundry,hero_voice,hero_agent,hero_books,hero_office— alllhumina_code/.Tier B and Tier C deferred: Tier B install-only utilities (
hero_browser,hero_editor,hero_planner,hero_researcher,hero_shrimp,hero_matrixchat,hero_compute,hero_lib_rhai,hero_archipelagos) and Tier C deprecated-audit candidates (hero_cluster,hero_coordinator,hero_launcher,hero_foundry_uiper home#229,hero_builder,hero_ledger,hero_mail) audited after the 23 are green.Closure axes
cargo build --workspace --releasepasses ondevelopment. Required for closure.Standing rule — x86_64 only
Producer PRs going forward archive the two-arch workflow file as
.forgejo/workflows/<name>.yaml.archived-aarch64(same directory; Forgejo Actions only loads.yaml/.yml, so the suffix prevents firing) and ship an x86-only canonical.yaml. Aarch64 is reversible per repo by removing the suffix.Re-sequenced phases under D-07
[[bin]]). Each PR also archives the aarch64 lane._admin, hero_foundry_ui via home#229.Closure for this META: all 23 source-build green + all 23 CI release green (latter as target, former as gate). Phases 1 + 2 + 3 close as before.
Why this reframe
Signed-off-by: mik-tf
mik-tf referenced this issue from lhumina_code/hero_demo2026-05-08 18:03:02 +00:00
Session 80 close — Phase 0 sweep + workspace sync + D-08 hero_builder pivot
Tl;dr
Phase 0 source-build sweep ran twice (pre-sync + post-sync), surfaced workspace drift the kickstart didn't catch (13 repos behind
origin/development), surfaced toolchain drift (rustup default 1.93 not 1.95), surfaced 5 real source-build bugs, and pivoted tohero_builderas the canonical build orchestrator under D-08. Phase 0 carries to s81 in the new shape (hero_builderinstead of manualcargo build --workspace --release); Phase 1 partial-migrations carry on top of confirmed-green source.Pre-sync sweep #1 (stale local state — historical reference)
19 PASS / 4 FAIL across the 23 canonical demo repos. Toolchain finding:
rustup defaultwas pinned to 1.93.0 even afterrustup update stablebumped the channel to 1.95.0; repos without an explicitrust-toolchain.tomlpin failed againstherolib_derive@0.6.0requiring 1.95. Fixed viarustup default stable.Workspace sync (the real news)
kickstart.sh's "clean @ development" check only inspects working-tree, not remote sync. Audit revealed 13 of 28 repos behindorigin/development— includinghero_lib(16 behind, top remote commit "bump version to 0.6.0" — the fix for hero_voice's stale rev pin),hero_os(18 behind), and 4 of the home#230 Phase 1 targets.15 repos ff-pulled cleanly (zero local commits ahead, no merge conflicts):
Follow-up: kickstart should also
git fetch && git log @{u}..HEADper repo before reporting "clean". Filing as a workspace-tooling improvement.Post-sync sweep #2 (partial — 6 of 23, stopped on pivot)
error[E0063]: missing field 'inputs' in initializer of 'JobCreateInput'atcrates/hero_codescalers_server/src/jobs.rs:260:21. PASS pre-sync; pulling upstream surfaced an API drift. Filed: hero_codescalers#245 source-build failures filed
herolib_core ^0.6.0vs pinned revf1d004c(which exposes 0.5.0); cargo can't resolvehero_foundry_server/src/http/server.rs:21importsherolib_core::loggerwhich is no longer exportedhero_collab_app/src/app.rs:112callshero_archipelagos_core::use_focus_pollwhich no longer exists (sister of s67 CI scope-out)desktopOSchema build-script panics with exit 101 after writing all generated files — likely anassert!/unwrap()in the generatorJobCreateInput.inputsmissing field atjobs.rs:260(NEW post-sync)hero_voiceis expected to auto-fix in s81 viahero_builder --policy-mode applyper D-08 (the rev pin is the exact class of bug the policy enforcer catches). The other 4 need source fixes.D-08 pivot to
hero_builderdecisions/D-08-hero_builder-as-canonical-build-tool.mdlockshero_builder(lives atlhumina_code/hero_code/crates/hero_builder/) as the canonical build orchestrator. Per-repobuildenv.shshell scripts and ad-hoccargo build --workspace --releasesweeps are deprecated.What hero_builder gives us:
Cargo.toml[package.metadata.hero_builder.rust_versions](dated today, says rust 1.95.0 + edition 2024) — this is the SSOT that wins over the drift-pronerust_toolchainandrust_versionsskills.--policy-mode checkfor cross-repo audit;--policy-mode applyauto-rewrites Cargo.toml deps below policy minimum..hero/build_map.jsonfingerprint skip-logic → ~10× faster on subsequent sweeps.agent_repair.rsLLM repair loop (featureagent) for failed-build auto-fixes.$BUILDDIR/bins/<bin>-<platform>central binary store → eliminates per-repobuildenv.shdrift (the s67/s70/s78 audit class).service builder install --reset.Two D-08 follow-ups filed:
rust_toolchain+rust_versionsskills against hero_builder's embedded SSOT (drop the 1.94 vs 1.92 vs 1.95 disagreement, point both at the canonical table).service builder install --downloadso workstations can grab the binary without first cargo-building it.s81 sweep set expanded to 35 repos
Per user direction, the s81 sweep includes the 23 D-07 canonical + 12 aspirational adds (all confirmed on forge):
hero_code_indexer,hero_compute,hero_lib,hero_lib_rhai,hero_matrixchat,hero_memory,hero_planner,hero_researcher,hero_rpc,hero_wallet,hero_webbuilder,hero_website_framework.5 of the 12 need fresh local clones in s81 (
hero_code_indexer,hero_memory,hero_wallet,hero_webbuilder,hero_website_framework).Pinned in
memory/project_demo_service_set.md. The 23 are gating; the 12 are "if/as possible".Issue closures
_ui→_adminMETA substantively superseded by home#230 Phase 1 (4 partial migrations) + Phase 3 (outliers) + sub-issue home#229 (foundry_ui standalone — survives).--bindflag confirmed in currentdevelopmentHEAD (hero_router/src/main.rs:262); s74 fix landed, s75 re-validated onhero.threefold.store.buildenv.shdeprecated in favor ofhero_builderplatform labels) but doesn't fully close it. Remaining work folds into home#230 Phase 4.home#230 phase status
hero_builderper D-08--policy-mode apply+ manual investigation3fe0585_admin, hero_foundry_ui via home#229buildenv.shremoval folds Phase 4 work into hero_builder adoptionPipeline-tracker artefacts (workspace-side, no code repo touched)
decisions/D-08-hero_builder-as-canonical-build-tool.mdruns/80-source-build-sweep.md— frozen sweep ledger (sweep #1 + sweep #2 partial overlay + 5 known failures + 15-repo ff-pull list)memory/project_demo_service_set.md— updated to 35-repo s81 sweep setsessions/80.yml— manifestZero code repo commits this session; all work was workspace-state and decision-locking.
Phase 0 (D-08 source-build sweep via
hero_builder) — Session 81 statusCold-sweep of the 35-repo set (23 D-07 canonical + 12 expanded adds per
memory/project_demo_service_set.md) executed withhero_builder v0.5.0from hero_code01971e1, policy revision 2026-05-08, rust 1.95.0 / edition 2024. Ledger:runs/81-source-build-sweep.md.Headline
121 binaries landed in
~/hero/build/bins/+~/hero/bin/from the 25 clean repos.Clean (25)
hero_proc,hero_router,hero_code,hero_embedder,hero_proxy,hero_db,hero_livekit,hero_biz,hero_aibroker,hero_logic,hero_slides,hero_indexer,hero_agent,hero_books,hero_office,hero_code_indexer,hero_matrixchat,hero_memory,hero_planner,hero_researcher,hero_rpc,hero_wallet,hero_webbuilder,hero_website_framework,mycelium_network(geomind_code).Failure root-cause taxonomy
Class A — root-owned
target/dirs (3 repos, sudo cleanup unblocks fully)Old (March 2026)
crates/<sub>/target/directories owned byroot:rootfrom priorsudo cargo buildinvocations. OschemaBuilder build-script panics onPermission denied (os error 13).hero_voice/crates/hero_voice/target/(Mar 19) — fixed in s81, builds in 2mhero_os/crates/hero_os_sdk/target/(Mar 25) — fixed in s81, builds in 1m 33shero_compute/crates/hero_compute_server/target/+hero_compute/crates/hero_compute_explorer/target/(Mar 17) — pending sudo cleanupAfter sudo
rm: zero source changes needed. Workspaces build green.Class B —
hero_builderdoesn't pass[bin].required-features(2 repos, 3 bins)Cargo refuses to build a
[[bin]]declaringrequired-features = [...]unless--featuresis passed. hero_builder's per-bin invocation omits this.hero_osishero_bot["ai", "flow"]hero_libopencode_demo,opencode_tester["opencode"]Filed as hero_builder follow-up — read
[bin].required-featuresfromcargo metadataand forward tocargo build --features <list>. No source defects.Class C — Hero workspace version skew (3 repos, fixed locally; uncommitted)
Cargo.toml declares e.g.
hero_db_sdk = "^0.5.0"againstbranch = "development"git deps that ship0.6.0.hero_wallet— 5 Cargo.toml bumps (^0.5.0 → ^0.6.0) — fixed locallyhero_foundry— 2 manifestsversion = "0.5" → "0.6"— fixed locallyhero_codescalers—crates/hero_codescalers_server/src/jobs.rs:260constructor: addedinputs: None,— fixed locally (3-line diff)hero_collab—cargo update -p hero_archipelagos_core(lockfile-only, stale lock not API drift) — fixed locallyThese 4 await per-repo squash-merge per workspace policy.
Class D — upstream coordination required (1 repo, real multi-PR scope)
hero_lib_rhairedis API mismatch — workspace pinsredis = "1.2";herolib_core 0.6.0uses redis 0.31 in public API (21 type errors incore_rhai/...). hero_builder policy saysredis = "1", soherolib_coreis the one out of compliance. Resolution: upgradeherolib_core's redis dep to 1.x inhero_lib. Substantial PR.Class E — downstream secondary error after primary fix (1 repo)
hero_codescalersaxum 0.8Handlertrait bound — after theJobCreateInput.inputsctor fix,hero_codescalers_server/src/main.rs:199fails onHandler<_, _>trait bound forrpc_handler. Likely affects other consumers using custom axum 0.8 handler shapes.What this means for home#230 phases
hero_lib(Class D)_ui→_adminpartial migrations in hero_voice / hero_proxy / hero_whiteboard / hero_osis) — deferred to s82, all 4 source-build green and ready.hero_builderv0.5.0 itselfConfirmed working as designed. Skip-logic via
.hero/build_map.jsonis real (hero_proc rebuild was 33s on second run). Per-target failure isolation works — every failing repo still installed its non-failing binaries. Dep-policy enforcement accurate. UPX, sccache, rustc 1.95 / edition 2024 wired correctly. Two well-bounded follow-ups filed (Class Brequired-features, agent-repair needs running broker).Carries to s82
sudo rm2 hero_compute target dirs)hero_builderenhancement — 1 PR)hero_libredis upgrade — substantial)_ui→_adminPRs (4 repos, all source-build-green)Posted from session 81 —
runs/81-source-build-sweep.mdhas the full per-repo table and per-failure cargo errors.Sessions 82–83 status — Phase 1 closure landed, post-merge sweep in flight
(Posting from s83 — combines the s82 close that was never published here with s83's actions through this point. Exact post-merge per-repo tally will follow as a separate comment once the in-flight
hero_builderground-truth sweep finishes.)What landed since comment 31194 (s81 close at 25/35 clean, 10/35 partial)
Session 82 — closed all 4 s81 carry-overs + shipped Phase 1 as 5 open PRs
3 squash-merged carry-over fixes from s81's failure classes:
2d436ca— axum 0.8Handlertrait bound fix (droppedOption<ConnectInfo>extractor since the server is Unix-socket-only).305ffe2— 1-lineredis 0.31 → 1align with upstream herolib_core99aa2bb8+ non-exhaustiveValue _ => UNITarm.required-features) → hero_code#13634bc06—hero_buildernow reads[[bin]].required-featuresfromcargo metadataand forwards as--features. Unblockshero_osis hero_botand thehero_lib opencode_demo/opencode_testerlane (modulo a separate hero_lib redis-dep issue).1 documented Tier C deferral (
runs/82-intelligence-drift.md):_intelligence(43 errors againsthero_osisflow refactorac1b5fc). Substantive fix deferred per D-07.5 Phase 1
_ui→_adminPRs opened (4 producers + 1 consumer), all source-build verified green viahero_builder --release --installon the PR branches:Plus 2 hero_demo direct-pushes to
development(perfeedback_no_direct_push_except_hero_demo.md):a00829b— DEPLOYMENT.md §5.0hero_buildercanonical-orchestrator section.fc3d079— flipped 4 service TOMLs fromhero_X_ui(latent bug, those binaries no longer existed since s77's[[bin]] nameflip) tohero_X_admin.Workspace hygiene: 0 root-owned items remaining under
lhumina_code/(s81's ~860 estimate was stale; user ran sudo cleanup mid-session). Closed Class A.Session 83 (in flight) — Phase 1 squash-merge gate cleared, sweep running
All 5 Phase 1 PRs squash-merged with
delete_branch_after_merge=true(perfeedback_delete_branch_on_squash_merge.md):c9a3299cda5f21db1e84aca678dbf75e58aPost-merge re-sweep on the 4 cargo repos via
hero_builder(hash-skip warm path): all GREEN in 39s total wallclock. hero_skills skipped (nu-shell repo, no Cargo.toml).1 carry-forward CI fix-forward (rename hazard introduced by #49's omission of the workflow file):
99fe184—.forgejo/workflows/build.yamlline 59 release-bin existence loophero_osis_ui → hero_osis_admin. Squash-merged.Where we stand against home#230 phases
_ui→_adminmigrations (4 partials)development.hero_proc_lib_ui,hero_embeddermissing_admin,hero_foundry_ui(home#229).scripts/build_lib.shreferences that file has never been indevelopment). Idea on table: replace per-repo brittle workflows with a singlehero_builderinvocation in CI (D-08-aligned).hero.threefold.storeSource-build tally trajectory
origin/development; rustup 1.93 not 1.95hero_botunblocked by required-features fix)Path to 35/35 source-build green
hero_lib opencode_demouse redis::Commands;inherolib_clientsw/oredisdeclared as depCargo.tomladditionhero_lib opencode_testerhero_proc_lib_ui_lib_uisuffix, Phase 3 outlier_lib_adminor merged intohero_proc_admin?hero_embeddermissing_admin_adminis "Required when server exists"hero_foundry_ui_intelligenceac1b5fc; substantiveruns/82-intelligence-drift.md; deferred per D-07So: +2 quick (hero_lib redis) → 30/35, +3 Phase 3 outliers → 33/35, +1 Tier C → 35/35. The Tier C is the long pole.
Standing instructions still in force
delete_branch_after_merge=trueon every Forgejo squash-merge.aarch64always archived (<name>.yaml.archived-aarch64), never deleted.feedback_never_merge_hero_router_pr92.md).Signed-off-by: mik-tf
Session 83 close — Phase 1 closure + autonomous source-build closure → 35/35 canonical GREEN 🎉
Continuation of comment 31274 (s82 + early s83). The autonomous loop ran while user was away with scoped one-time OK to squash-merge source-build-fix PRs.
Headline
development_crate_layout). All GREEN underhero_builder --release --policy-mode warnagainst current development.memory/project_demo_service_set.md: hero_archipelagos (_intelligence43-error drift), hero_cluster (gutted repo), hero_ledger (15× near_api 0.8 call sites), hero_mycelium (api drift; canonical producer is geomind_code/mycelium_network anyway)121 binaries were shipped at s81. With this session's gains the binary count is higher; exact recount pending but
~/hero/build/bins/is fully populated for the demo.Session 83 PRs landed
Phase 1 squash-merge gate cleared (5 PRs, all
delete_branch_after_merge=true):c9a3299cda5f21db1e84aca678dbf75e58aP4 carry-forward CI fix-forward (rename hazard introduced by #49's omission of the workflow file):
99fe184—.forgejo/workflows/build.yaml:59hero_osis_ui → hero_osis_adminrelease-bin existence loop.Autonomous-loop fixes (all source-build closure, scoped one-time OK per
feedback_s83_autonomous_squash_ok.md):72ddade7— addredis = { version = "1", optional = true }behindopencodefeature soopencode_demo/opencode_testercompile (4 unresolved-import errors fixed).ec27af2—cargo update -p hero_rpc_osisto refresh Cargo.lock past the 0.5.0→0.6.0 bump in hero_rpc upstream.b6de3d3— bumphero_proc_sdk = "^0.5.0"→"^0.6.0"to match hero_proc development HEAD.9 PRs shipped this session, 0 on
development_*branches left orphaned, 0 destructive ops.Reverts (well-bounded out-of-scope finds)
Two attempts during the autonomous loop were investigated, found to exceed scope, and cleanly reverted with no commits or pushed branches:
a61bdd9"Remove deprecated files" deletedsrc/, nocrates/, onlyCargo.toml+docs_iroh+scriptsremain). The[[bin]]declaration is the only target and points at non-existentsrc/main.rs. Either restore the binary or delete the repo — needs user-level decision.hero_rpcrename (hero_rpc_oserver→hero_rpc_server) compiles pastcargo metadatabut then hits 5 source errors:OServerConfig::port(...)removed (API redesign),server.register::<T>(name)now needs 2 args (context, domain_name), plus a pre-existingpub use self as core; pub use self as server;E0365. This is API refactor territory, not a one-line catch-up. Per memory, canonical mycelium producer isgeomind_code/mycelium_networkanyway —hero_myceliumis a thin shim of unclear purpose.Tier C / out-of-scope reds remaining
_intelligencelib has 43 errors against hero_osis flow refactorac1b5fc(from 2026-03-27). Translation map atruns/82-intelligence-drift.md. Substantive Rust fix; deferred per D-07.near_apicrate API change:Contract::call_function(...).send_to(network).await?now returnsTransactionResultinstead ofExecutionFinalResult. 15 call sites insrc/sdk/client.rsneed rewrite (return-type change cascades through SDK). Nonear_api 0.7exists — can't pin-down. Out of autonomous scope.hero_rpc_serverv0.6.0 API + fixpub use selfE0365, or archive / delete sincegeomind_code/mycelium_networkis the canonical producer.State of home#230 phases
_ui→_adminmigrations_adminnot yet investigated.scripts/build_lib.shreferences that file has never been indevelopment). Idea on table for future: replace per-repo brittle workflows with singlehero_builderinvocation in CI (D-08-aligned).hero.threefold.storeStanding instructions still in force
delete_branch_after_merge=trueon every Forgejo squash-merge.aarch64always archived (<name>.yaml.archived-aarch64), never deleted.feedback_never_merge_hero_router_pr92.md).memory/feedback_s83_autonomous_squash_ok.md); standingfeedback_squash_merge_gate.mdrule resumes for s84+.Caveats & next-session entry points
development_crate_layout(most active branch on origin), notmain(its default) ordevelopment(also exists). Out-of-org repo — branching convention may differ from Hero. User decision whether to align._intelligencework is substantive (43 errors).runs/82-intelligence-drift.mdhas the translation map.Ledger:
build_logs/s83-fullsweep/SUMMARY.txt(initial) +build_logs/s83-round2/SUMMARY.txt(post-merge).Signed-off-by: mik-tf
Per-service GREEN status — 35/35 canonical demo set under
hero_builder(s83 close, 2026-05-09)Adding the explicit per-repo enumeration that comment 31311 summarised as "35/35 GREEN". Source of the 35-set membership:
memory/project_demo_service_set.md(locked under D-07).All entries below verified GREEN under
~/hero/bin/hero_builder --release --policy-mode warnagainst currentorigin/development(ordevelopment_crate_layoutfor the out-of-org producer). Sweep ledger:build_logs/s83-round2/SUMMARY.txt.23 canonical demo repos (D-07 gating set)
Bootstrap core (3)
c9730d1b3b9d834b87c1b(development_crate_layout)Core (3)
634bc062d436caf52efd0Extra (17)
cda5f211eccbdaec27af299fe18458205a3891e60b1e1995f9a03f20c51eaf2856714cdb1e84ab68008e35ab5b3c9a3299011bf995b8c8a5aeb2d28b12 expanded sweep set (s81 user-requested adds)
e56f79a215407a72ddade7305ffe2846aeb1b8a184e23314f5a21509701f003003c0deb3447c87a40f0c3Tally
~/hero/build/bins/Out-of-set Tier C reds (lhumina_code/ wider workspace, NOT in 35-set, NOT blocking)
Per
memory/project_demo_service_set.mdline 67: "hero_browser,hero_editor,hero_shrimp,hero_archipelagos(still active dep though),hero_cluster,hero_coordinator,hero_launcher,hero_foundry_ui(standalone repo per home#229),hero_builder(the standalone repo, not the crate inside hero_code),hero_ledger,hero_mail— defer or archive."Of the 11 Tier C repos, 4 are RED in the wider-workspace sweep:
_intelligencelib has 43 errors against hero_osis flow refactorac1b5fc(2026-03-27)a61bdd9("Remove deprecated files") — nosrc/, nocrates/near_api 0.8API change: 15 call sites need rewrite (Contract.send_to(...).await?→TransactionResultnotExecutionFinalResult); no older near_api version existshero_rpc_oserver→hero_rpc_serverrename triggers 5 source errors (OServerConfig::portremoved,register::<T>2-arg, pre-existingpub use self asE0365)geomind_code/mycelium_networkper memory; this thin shim may want archivingThe other 7 Tier C repos (hero_browser, hero_editor, hero_shrimp, hero_coordinator, hero_launcher, hero_foundry_ui, hero_builder, hero_mail) are GREEN or non-cargo/skipped:
390279a), hero_editor (41ad164), hero_shrimp (3fd3074), hero_coordinator (230b6b3), hero_launcher (18157b8), hero_foundry_ui (b6de3d3after s83 fix)Signed-off-by: mik-tf
Source-build status — 35 / 35 canonical services GREEN via
hero_builder(2026-05-09)All 35 repos in the canonical demo set source-build clean on x86_64 from
development(ordevelopment_crate_layoutfor the out-of-org producer) under~/hero/bin/hero_builder --release --policy-mode warn. 149 binaries installed to~/hero/build/bins/(up from 121 at s81 close).Source of the 35-set membership:
memory/project_demo_service_set.md(locked under D-07). Sweep ledger:build_logs/s83-round2/SUMMARY.txt.c9730d1b3b9d834b87c1b634bc062d436caf52efd0cda5f211eccbdaec27af299fe18458205a3891e60b1e1995f9a03f20c51eaf2856714cdb1e84ab68008e35ab5b3c9a3299011bf995b8c8a5aeb2d28be56f79a215407a72ddade7305ffe2846aeb1b8a184e23314f5a21509701f003003c0deb3447c87a40f0c3Tally: 35 / 35 (100%) canonical demo set GREEN. 0 reds in scope.
Out-of-set Tier C reds (4, all explicitly deferred per
memory/project_demo_service_set.md, NOT blocking the demo):hero_archipelagos(_intelligence43-error drift, deferred per D-07)hero_cluster(repo gutted, needs archive/restore decision)hero_ledger(15×near_api 0.8call sites need rewrite)hero_mycelium(API drift; canonical mycelium producer is row 3 above)Signed-off-by: mik-tf
What's next — s84+ priority order (post-35/35 close)
With 35/35 canonical demo set GREEN under
hero_builder(per comment 31327), the path forward has one clear "gold" target and four supporting follow-ups.🥇 Gold next step — Phase 5: DO from-nothing on
hero.threefold.storeThe lighthouse for full home#230 closure. A clean DigitalOcean droplet → all 35 services running and reachable, end-user verified. This is now feasible from a fully-green source baseline (was blocked at s74 by missing producers; s83 closed the producer side).
Shape (mirrors s75 from-nothing run on the same host, already partially proven):
lhumina_code/hero_demo/deploy/cloud_vm/helpers (reference_do_deploy.md).--download(D-06):service_proc start --download → service_mycelium start --download → service_router start --download → nginx + LE + htpasswd.service_complete --downloadto start all 17 service-set entries.hero_ui_dashboardskill) → screenshot + console clean.What changed since s75: the 4 Phase 1 producers (voice/proxy/whiteboard/osis) now publish
_adminbinaries, and 35/35 source-build under hero_builder. So the from-nothing run no longer hits the half-renamed-binary failures s75 saw.Caveats (s84 needs to handle these inline):
development_crate_layoutnotmain— confirm DO bootstrap fetches the right release.hero.threefold.storeCloudflare DNS automation is incloud_vm/cf_dns_set.sh(reference_do_deploy.md).🥈 Supporting follow-ups (parallel, lower priority)
_admindecision. home#229 for hero_foundry_ui repo standalone status remains separate.scripts/build_lib.shreferences that file has never been indevelopment, etc.) with a singlehero_builder --release --installinvocation in CI — eliminates the entirebuild_lib.shclass of bugs and makes CI a true mirror of source-build axis (D-08-aligned). Could become D-09. Strategic, optional, only worth doing if "on the way to source-build" per user direction.hero_archipelagos_intelligence43-error drift — substantive Rust work; defer or tackle. (b)hero_cluster— gutted repo; archive on forge OR delete locally OR restore source. (c)hero_ledger— 15×near_api 0.8rewrite OR stay deferred. (d)hero_mycelium— archive (canonical mycelium producer is geomind_code/mycelium_network) OR fix the API drift. None block P5.Standing rules carrying forward
delete_branch_after_merge=trueon every Forgejo squash-merge.aarch64always archived (<name>.yaml.archived-aarch64), never deleted.feedback_squash_merge_gate.md(per-PR explicit OK) is back in force for s84+ — the s83 one-time scoped autonomous OK does NOT carry forward.development(ormain/development_crate_layout) checked out across all repos; 0 open PRs by mik-tf; 6 open PRs by other authors left untouched per ownership rule.Signed-off-by: mik-tf
Bootstrap script for P5 from-nothing — landed (
hero_demo778d726)Closing the gap surfaced after comment 31328 listed Phase 5 DO from-nothing as the gold target: provisioning was already automated (
do_droplet_create.sh+cf_dns_set.sh), but the on-droplet bootstrap was a manual recipe in the README — and it was--download-only, missing the D-07-canonical from-source path.What landed
Direct-pushed to
hero_demo development(778d726, perfeedback_no_direct_push_except_hero_demo.md):deploy/cloud_vm/scripts/bootstrap_droplet_source.sh— single script, idempotent, 7 phases (each skippable viaSKIP_*env vars):reference_do_deploy.md)hero_builderfromhero_codesource (cargo install --features agent --force)geomind_code/mycelium_networkondevelopment_crate_layout); honoursFORGEJO_TOKENenv for the only private repo (hero_office)hero_builder --release --installper repo → 35 binaries land at~/hero/build/bins/; per-repo logs in~/hero/build/logs/; tally to~/hero/build/SUMMARY.txtdeploy/cloud_vm/README.mdupdated — now documents both paths:bootstrap_droplet_source.sh, D-07 canonical, ~2-4h cold)--downloadmanual recipe, ~15-20 min, inherits Phase 4 CI gaps)Usage on a fresh droplet
After completion: 35 binaries source-built locally on the droplet, ready for
service_complete(or hand-pick service starts via locally-built bins).Workspace hygiene at s83 close
delete_branch_after_merge=true(origin branches deleted at merge time).hero_proxy/development_workspace_06_liftandhero_assistance/development_bootstrap).feedback_branch_cleanup_only_own_authored.md.s84 entry point now reads cleanly:
prompt.md §3step 1 = Path A run on a fresh DO droplet → close P5.Signed-off-by: mik-tf
P5 in flight —
bootstrap_droplet_source.shhad 3 unrelated bugs, fixed at hero_demo96947d3Status (s84 mid-flight): DO droplet
hero-s84(164.90.192.93, FQDNhero.threefold.store, 24h TTL) is currently running Phase 7 of thehero_builder(nowlab) source-build sweep. 5/35 GREEN at time of writing —hero_procc9730d1,hero_routerb3b9d83,hero_coded907902,hero_codescalers2d436ca,hero_embedderf52efd0. Tracking the rest via on-droplet log + per-repo build markers; ETA ~1.5–3.5h cold.The script was added at s83 close
778d726but had never actually been run end-to-end before s84 attempted P5. Three independent bugs blocked Phase 5; all three reproduced on a clean DO droplet, were fixed in-flight, and now landed as canonical fixes in96947d3:wait_cloud_initblocked indefinitely onunattended-upgrade-shutdown. The shutdown-hook helper (/usr/share/unattended-upgrades/unattended-upgrade-shutdown) idles forever waiting for SIGTERM at machine shutdown. Itscommfield is exactlyunattended-upgr(15-char truncation), sopgrep -x unattended-upgrmatches it until the 10-min timeout fires. Fix: pre-emptivelypkill -fthe helper before the loop (safe on a running box; systemd respawns at next boot).crates/hero_builderwas renamed tocrates/labupstream in hero_codea67f3528a(rename) + merged907902, both landed AFTER s83 close. Thecrates/hero_builderdirectory still exists but contains only vestigialsrc/— noCargo.toml— socargo install --path crates/hero_builder404s. Fix: install fromcrates/lab; add backward-compat symlink~/hero/bin/hero_builder → labfor the script's ownbuild_repo()callers + DEPLOYMENT.md + CLAUDE.md references.Phase 5 install needed
hero_libcloned, buthero_libonly landed in Phase 6. lab'sCargo.tomlhas path-deps:Cargo's workspace resolver must read both manifests regardless of
--features=. Fix: pre-clonehero_libalongsidehero_codein Phase 5.Also dropped
--features agent(only fires whenhero_aibrokeris running on UDS — irrelevant during bootstrap) and bumped--depth 1 → --depth 50for consistency with Phase 6's clone helper.The fix is empirically validated on the droplet — Phase 5 install completed cleanly, all 35 repos cloned in Phase 6, Phase 7 sweep producing GREEN markers. Will post final tally + admin-URL smoke results to this thread when the chain (
bootstrap.done → setup → stack → nginx) reachesnginx.done.P5 partial validation — droplet torn down at 5/35 GREEN, fix-PR landed
User judgment-called the from-source DO validation at the high-confidence point: the source-build sweep's expensive uncertainty (does
labwork cleanly on a fresh box?) was already locked in, and the remaining ~3h × $0.167/hr was deemed non-essential since the local s83 sweep already proved 35/35 GREEN at the same source baseline.What we now have empirical proof of (the part that matters for home#230 P5):
bootstrap_droplet_source.shran cleanly through Phases 0–6 on a fresh DOs-8vcpu-16gb-amdcloud droplet (no prior state).lab --release --install --policy-mode warnand produced 5/5 GREEN before teardown — same 5 repos, same flags, same Rust 1.95.0 pin as s83's local sweep.development_crate_layout).do_droplet_destroy.sh; Cloudflare A record removed.Partial sweep ledger captured:
build_logs/s84-do-partial/SUMMARY.txt+bootstrap.log.tail.What we still don't have empirical proof of (deferred from this run):
post_bootstrap_setup.sh→start_stack.sh→setup_nginx.sh) end-to-end validation. Particularly the L-05 cargo-rebuild-during-service_X startpath against locally-built target/ binaries — this is the highest-residual-uncertainty piece for any future from-source deploy./adminpaths.Standing fix is durable — the script bug-fix at hero_demo
96947d3means a future operator running the same bootstrap on a fresh droplet will hit Phase 6 cleanly out of the box, no manual workarounds needed. The post-bootstrap chain (post_bootstrap_setup.sh/start_stack.sh/setup_nginx.sh) was written ad-hoc on the droplet and is not yet committed — those are TODO for the next P5 attempt.P5 status: validated through the build half (Phases 0–6 + start of 7); deferred on the runtime half. Closing this comment thread for now; reopen / new META when next P5 attempt runs.